Programming: Looking for resources
Posted:

S7
  • V5 Launch
Status: Online
Joined: Dec 04, 2010 (14 Year Member)
Posts: 2,589
Reputation Power: 4683
Hello everyone, I must be either searching wrong or just not searching for the right thing. I am looking for a basic resource to teach myself how to put security on a program I developed. I just want something where, when it is opened, you have to get an access code from me to get into the program. Not exactly sure, but I keep coming up blank on my search. Basically something like a premium access.
#2. Posted:
Xaldin
  • 2 Million
Status: Offline
Joined: Oct 09, 2010 (14 Year Member)
Posts: 2,358
Reputation Power: 106
What kind of program?

Is this like a login inside the program itself or can the user not launch a .exe without the password?
#3. Posted:
S7
  • Winter 2017
Status: Online
Joined: Dec 04, 2010 (14 Year Member)
Posts: 2,589
Reputation Power: 4683
Xaldin wrote:
What kind of program?

Is this like a login inside the program itself or can the user not launch a .exe without the password?

Thanks for the response. It's actually an AHK script I made, no login or anything like that. I can turn it into an exe, so I'm wondering if it's possible to lock it for a premium feature. I've been doing some digging to code it into the script itself, but it's not all that easy.
#4. Posted:
-Deano
  • Rated Awesome
Status: Offline
Joined: Aug 19, 2010 (14 Year Member)
Posts: 5,243
Reputation Power: 532
You won't be able to realistically lock an AutoHotkey script due to the nature of how scripts are made. Anyone with even slight technical capabilities will be able to bypass any security you try to use for it.
#5. Posted:
SparkleChai
  • New Member
Status: Offline
Joined: Dec 08, 2019 (5 Year Member)
Posts: 7
Reputation Power: 0
Before you go looking for the direct resource to make security with, you may want to start researching or looking for a code language to learn so that you would be able to write your own code. Depending on whichever resource you go with, there would be a difference in whichever coding you would want to look up and learn. After you learn the code language, it would then be better to start looking for programs to work the coding into.
#6. Posted:
CriticaI
  • Christmas!
Status: Offline
Joined: Nov 05, 2013 (11 Year Member)
Posts: 2,753
Reputation Power: 452
Like others said, you should use a real programming language instead of AHK. Once you do, then this answer may help you out.

Firstly, this is an abstract answer that doesn't answer your question specifically but should put you on the right path. If you have any more questions, I'll try to answer them as best as I can, but I'm not a security expert.

You cannot lock a program or restrict access securely without knowing about authentication and authorization. To authenticate someone, you will most likely need a remote server to store data about each user. As an example, you could store the data in a database like MySQL. Then you would make a query on behalf of the user and check if their credentials match what you have in the database.

There are ways to authenticate local users, but I know nothing about that. Likewise, I have always been told that data stored on a client's computer cannot be trusted.

Once a user is authenticated, then you can authorize them. So in your case, you would have a boolean to check if the currently authenticated user entered an access code. Then, based on the boolean, you could show or hide parts of your program.

Authentication and authorization are not easy!

If you can, you would be better off using an authentication library. Also, if you don't want to be held liable for data loss, requiring users to sign in with a 3rd party service like GitHub, Facebook, Twitter, etc. is an even better idea.

Some pointers:
* Always hash passwords before storing.
* Compare hashes to determine if the password is valid.
* Never store database or API credentials on the client's machine.
* Never store credentials in a code repository.
* Use an approved hash function or keyed-hash function (MIC). Do not use MD5 or SHA-1.
* Transmit auth data over a secure protocol like HTTPS.
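
The pointers above, as an added example that is not part of the original post: a server-side check that stores only a salted PBKDF2-HMAC-SHA256 hash of each access code, compares hashes in constant time, and reads the premium flag only after authentication succeeds. The in-memory SQLite database (standing in for the remote MySQL server), the table layout, the function names, the iteration count and the sample accounts are all assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumption: work factor chosen for this example

# Assumption: in-memory SQLite stands in for the remote MySQL database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB,"
           " code_hash BLOB, premium INTEGER)")


def hash_code(code: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256 from the standard library, not MD5 or SHA-1.
    return hashlib.pbkdf2_hmac("sha256", code.encode("utf-8"), salt, ITERATIONS)


def register(name: str, code: str, premium: bool) -> None:
    # Only the per-user salt and the hash are stored, never the code itself.
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (name, salt, hash_code(code, salt), int(premium)))


def authenticate(name: str, code: str) -> bool:
    # Parameterized lookup, then recompute the hash with the stored salt.
    row = db.execute("SELECT salt, code_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        hash_code(code, bytes(16))  # keep timing similar for unknown users
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_code(code, salt))


def can_use_premium(name: str, code: str) -> bool:
    # Authorization (the premium boolean) is checked only after authentication.
    if not authenticate(name, code):
        return False
    row = db.execute("SELECT premium FROM users WHERE name = ?",
                     (name,)).fetchone()
    return bool(row[0])


# Constructed sample accounts and access codes, for illustration only.
register("alice", "A1B2-C3D4-E5F6", premium=True)
register("bob", "Z9Y8-X7W6-V5U4", premium=False)
```

In a deployment this logic runs on the server behind HTTPS, and the client program only sends the access code and receives the yes/no result.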